

Nmap is a popular, powerful and cross-platform command-line network security scanner and exploration tool. It can also give you an overview of the systems connected to your network: you can use it to find the IP addresses of all live hosts, scan open ports and services running on those hosts, and much more.

One of the interesting features of Nmap is the Nmap Script Engine (NSE), which brings even more flexibility and efficiency to it. It enables you to write your own scripts in the Lua programming language, and possibly share these scripts with other Nmap users.

There are four types of NSE scripts, namely:

Prerule scripts – scripts that run before any of Nmap's scan operations; they are executed when Nmap hasn't gathered any information about a target yet.
Host scripts – scripts executed after Nmap has performed normal operations such as host discovery, port scanning, version detection, and OS detection against a target host.
Service scripts – scripts run against specific services listening on a target host.
Postrule scripts – scripts run after Nmap has scanned all of its target hosts.

These scripts are then grouped under various categories, including those for authentication (auth), discovering hosts (broadcast), brute force attacks to guess authentication credentials (brute), discovering more about a network (discovery), causing a denial of service (dos), exploiting some vulnerability (exploit), etc. A number of scripts belong to the default category.

Note: Before we move any further, you should take note of these key points:

Do not execute third-party scripts without critically reviewing them, unless you trust the authors. This is because these scripts are not run in a sandbox and thus could unexpectedly or maliciously damage your system or invade your privacy.
Secondly, many of these scripts may possibly run as either a prerule or postrule script. Considering this, it is recommended to use a prerule for purposes of consistency.
Nmap uses the scripts/script.db database to figure out the available default scripts and categories.

To see the location of all available NSE scripts, run the locate utility on the terminal, like this:

$ locate '*.nse'

/usr/share/nmap/scripts/afp-path-vuln.nse
/usr/share/nmap/scripts/afp-serverinfo.nse
/usr/share/nmap/scripts/afp-showmount.nse
/usr/share/nmap/scripts/allseeingeye-info.nse

NSE scripts are loaded using the --script flag, which also allows you to run your own scripts by providing categories, script file names, or the names of directories where your scripts are located.

The syntax for enabling scripts is as follows:

$ nmap -sC target #load default scripts
$ nmap --script filename|category|directory|expression

You can view a description of a script with the --script-help option. Additionally, you can pass arguments to some scripts via the --script-args and --script-args-file options; the latter is used to provide a filename rather than a command-line argument.

To perform a scan with most of the default scripts, use the -sC flag or alternatively use --script=default as shown.

Sample Output

Starting Nmap 7.01 ( ) at 10:36 IST
Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds

To use a script for the appropriate purpose, first get a brief description of what it actually does, for instance, http-headers.

Sample Output

Starting Nmap 7.01 ( ) at 10:37 IST
Performs a HEAD request for the root folder ("/") of a web server and displays the HTTP headers returned.

Loading NSE Scripts To Perform Nmap Scans

You can select or load scripts to perform a scan in different methods explained below. Once you know what a script does, you can perform a scan using it. You can use one script or enter a comma-separated list of script names.
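Because Nmap selects scripts by category through scripts/script.db, it is worth checking what a category would load before running it. The following is an added example, not part of the original article: it reads script.db's Entry lines and lists the scripts in a given category, plus any that fall in the brute, dos or exploit categories named above. The embedded entries are constructed sample data, and the function names and the script.db path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: preview which NSE scripts a category selects via script.db.

# Constructed sample in script.db's "Entry" line format, so this runs without
# Nmap installed. Category assignments here are sample data.
sample_db() {
cat <<'EOF'
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "afp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "afp-showmount.nse", categories = { "discovery", "safe", } }
Entry { filename = "allseeingeye-info.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }
EOF
}

# nse_list DB_FILE -> one line per script: name<TAB>cat1,cat2,...
nse_list() {
    awk -F'"' '/^Entry/ {
        name = $2; sub(/\.nse$/, "", name)
        cats = ""
        # Splitting on double quotes puts category names in fields 4, 6, 8, ...
        for (i = 4; i <= NF; i += 2) cats = cats (cats == "" ? "" : ",") $i
        print name "\t" cats
    }' "$1"
}

# nse_in_category DB_FILE CATEGORY -> names of scripts in that category
nse_in_category() {
    nse_list "$1" | awk -F'\t' -v want="$2" '{
        n = split($2, c, ",")
        for (i = 1; i <= n; i++) if (c[i] == want) { print $1; break }
    }'
}

# nse_needs_review DB_FILE -> scripts in the brute, dos or exploit categories
nse_needs_review() {
    for c in brute dos exploit; do nse_in_category "$1" "$c"; done | sort -u
}

# Use the script.db given as $1 (for example /usr/share/nmap/scripts/script.db,
# an assumed path), otherwise fall back to the constructed sample.
db=${1:-}
if [ -z "$db" ]; then db=$(mktemp); sample_db > "$db"; fi
echo "default category:";  nse_in_category "$db" default
echo "review before use:"; nse_needs_review "$db"
```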
